[emeraldnzl]

Hi Cixelsyd,

Sorry for the delay. Automatic notifications on the blink again. PM me if there is a delay of say 24hours in me getting back to you.

Now, when you downloaded that MPass.exe and click on it, it should create and ISO which you can burn to a CD. Burn it to a cd as an ISO image. It's important you burn as an ISO. Burning the ISO image file to a CD or DVD is a bit different than just burning the file. You need to choose the "burn image" or "write image" option in your burning software and then choose the file.

Also sometimes the download can get corrupted and you have to download again. I think that one should be about 1.76mb.

Try again and tell me if you have further difficulty.

[Advertisements]

Do I create the ISO from the infected computer or another computer?

[Cixelsyd]

Do I create the ISO from the infected computer or another computer?

[emeraldnzl]

I was assuming you would download to the clean computer, burn the ISO and then use it to boot up the sick machine. After that follow the instructions I posted.

Are you saying you have internet connection on the sick computer now?

This link might be helpful:

Go to the link below for information on how to burn an ISO

http://pcsupport.abo...burnisofile.htm

[Cixelsyd]

Ok, just wanted to be sure... no internet on the computer... just wanted to make sure I understood the steps...

Will be burning it shortly on my clean computer.

Thanks.

[emeraldnzl]

[Cixelsyd]

Burned the ISO disk, put it in and got this error.

Windows could not start because the following file is missing or corrupt

<windows root>\system32\hal.dll
Please re-install a copy of the above file.

[emeraldnzl]

So I take it that you were able to boot from the disk OK but you got the error message when the computer attempted to load windows?

Alternatively did it bring up that error when the computer attempted to boot from the disk?

The reason I ask is that I believe that that error can be caused when the default value in the [Boot Loader] section of the Boot.ini file is missing or invalid. In other words the ISO may be corrupted and you may need to download and burn a new image to boot from.

[Cixelsyd]

Downloaded and burned a new ISO and got the same message. it is prior to windows... it is right after it attempts to boot from the disk

[emeraldnzl]

What happens if you don't use the disk to boot up?

Are you able to get to Windows albeit without internet connection?

[Cixelsyd]

I am able to get to windows, no internet connection... on a regular boot.

It is not doing that error where it reboots in 60 seconds, but I also notice that my fingerprint scanner also isn't powered. The fix we did that got internet but had it rebooting also got the scanner powered again... not sure what has changed.

So what about the iso disk? wonder why it's getting an error?

[emeraldnzl]

So what about the iso disk? wonder why it's getting an error?

Well here are a couple of thoughts:

Something getting in the way... malware or corruption caused by malware.

Bad download and burn although we have tried that one.

One thought... is your computer set to boot first from the CD/DVD drive?

Also let's see if we can find the dll that is reported missing.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

• Double-click SystemLook.exe to run it.
• Copy the content of the following codebox into the main textfield:
  

  :filefind
  *hal.dll*
  

• Click the Look button to start the scan.
• When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found at on your Desktop entitled SystemLook.txt

[Cixelsyd]

SystemLook 04.09.10 by jpshortstuff
Log created at 19:50 on 22/10/2010 by Steve
Administrator - Elevation successful

========== filefind ==========

Searching for "*hal.dll*"
C:\I386\hal.dll --a---- 134400 bytes [17:22 22/01/2005] [04:59 04/08/2004] DFCE51FD96909D1B97D4A1A72D060D77
C:\Program Files\Mozilla Firefox\AccessibleMarshal.dll --a---- 17880 bytes [21:50 27/07/2009] [21:55 22/04/2010] BEB10DE06617501F696E65942894C3D1
C:\WINDOWS\$NtServicePackUninstall$\hal.dll -----c- 134400 bytes [14:05 07/09/2008] [04:59 04/08/2004] DFCE51FD96909D1B97D4A1A72D060D77
C:\WINDOWS\ServicePackFiles\i386\hal.dll ------- 105344 bytes [23:51 06/09/2008] [18:31 13/04/2008] 6DB1E72AD3B372DFC451B7F54BA08AA7
C:\WINDOWS\SYSTEM32\HAL.DLL --a---- 134400 bytes [06:00 01/01/1980] [18:31 13/04/2008] 4329EE7D502C9113EBA0F9570392F5EE

-= EOF =-

[emeraldnzl]

That seems okay to me.

I have been thinking about this and I wonder whether I have caused the disk not to work by telling you to use the clean computer to burn from.

When I checked support microsoft I see that you need to copy some files from a machine that has the same version as the sick one.

Let's try downloading that file and saving it to the sick machine and burning it from there.

[Cixelsyd]

I installed the burning software on the infected PC... when I run it I get this error...

Runtime Error '462'
The remote server machine does not exist or is unavailable

[emeraldnzl]

Hello Cixelsyd,

Not having much luck are we.

I am going to consult again on this.

Meantime, on the off chance that the GMER one is a false positive, here is one to try while we are waiting.

It is a pretty big download but is very useful at detecting\cleaning rootkits or whatever it finds.

As before you will have to download to the clean computer... once it has downloaded it's definitions (can take a bit of time) save and transfer to the sick machine and run.

Please click here to download VRT Tool by Kaspersky.

• Save it to your desktop
• Double click the setup file to run it
• Choose your language and click OK
• A Virus Removal Tool Wizard will appear. Click Next
• Accept the agreement and click Next
• Click Next to install
• When installed a pop up window will appear.
• On the Autoscan panel check all items
• Click on Start Scan
• When finished (this can take some time... just be patient and let it do its job) click the Report button
• Click the top right button Save.
• Save to your desktop as Kaspersky report.txt

Copy and past the report back here.

Click Exit and Yes to uninstall Kaspersky VRT. Click yes to the prompts to complete the process.

Note: This tool will self uninstall when you click Exit so please save the log before closing it.